cloudkms

package
v0.11.0
Warning

This package is not in the latest version of its module.

Published: Oct 5, 2020 License: Apache-2.0 Imports: 9 Imported by: 11

Documentation

Overview

Package cloudkms provides a Google Cloud Key Management Service (KMS) implementation of the crypto.Signer interface.

The documentation for Google Cloud KMS can be found here: https://cloud.google.com/kms/docs

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a client for interacting with the Google Cloud KMS API using types native to the Flow Go SDK.

func NewClient

func NewClient(ctx context.Context) (*Client, error)

NewClient creates a new KMS client.

func (*Client) GetPublicKey

func (c *Client) GetPublicKey(ctx context.Context, key Key) (crypto.PublicKey, crypto.HashAlgorithm, error)

GetPublicKey fetches the public key portion of a KMS asymmetric signing key version.

ECDSA_P256 is currently the only Flow signature algorithm supported by Google Cloud KMS.

Ref: https://cloud.google.com/kms/docs/retrieve-public-key

func (*Client) SignerForKey

func (c *Client) SignerForKey(
	ctx context.Context,
	address flow.Address,
	key Key,
) (*Signer, error)

SignerForKey returns a new Google Cloud KMS signer for an asymmetric key version.

type Key

type Key struct {
	ProjectID  string `json:"projectId"`
	LocationID string `json:"locationId"`
	KeyRingID  string `json:"keyRingId"`
	KeyID      string `json:"keyId"`
	KeyVersion string `json:"keyVersion"`
}

Key is a reference to a Google Cloud KMS asymmetric signing key version.

Ref: https://cloud.google.com/kms/docs/creating-asymmetric-keys#create_an_asymmetric_signing_key

func KeyFromResourceID

func KeyFromResourceID(resourceID string) (Key, error)

func (Key) ResourceID

func (k Key) ResourceID() string

ResourceID returns the resource ID for this KMS key version.

Ref: https://cloud.google.com/kms/docs/getting-resource-ids
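The following is an added example, not the package's own code: a strict parser for the key version resource ID format described in the Google Cloud KMS documentation linked above, which refuses key-level IDs that do not pin a version. The names `keyRef`, `parseKeyVersionID`, `resourceID` and `errBadResourceID` are hypothetical, and the sample ID is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// keyRef mirrors the fields of the Key type documented above (hypothetical name).
type keyRef struct {
	ProjectID, LocationID, KeyRingID, KeyID, KeyVersion string
}

// Collection names of a KMS key version resource ID, in order.
var collections = [5]string{"projects", "locations", "keyRings", "cryptoKeys", "cryptoKeyVersions"}

var errBadResourceID = errors.New("malformed KMS key version resource ID")

// parseKeyVersionID (hypothetical helper) accepts only the exact form
// projects/P/locations/L/keyRings/R/cryptoKeys/K/cryptoKeyVersions/V.
func parseKeyVersionID(id string) (keyRef, error) {
	parts := strings.Split(id, "/")
	if len(parts) != 2*len(collections) {
		return keyRef{}, fmt.Errorf("%w: want %d segments, got %d", errBadResourceID, 2*len(collections), len(parts))
	}
	var vals [5]string
	for i, name := range collections {
		if parts[2*i] != name {
			return keyRef{}, fmt.Errorf("%w: segment %d is %q, want %q", errBadResourceID, 2*i, parts[2*i], name)
		}
		if parts[2*i+1] == "" {
			return keyRef{}, fmt.Errorf("%w: empty %s value", errBadResourceID, name)
		}
		vals[i] = parts[2*i+1]
	}
	return keyRef{vals[0], vals[1], vals[2], vals[3], vals[4]}, nil
}

// resourceID rebuilds the canonical string, so parse and format round-trip.
func (k keyRef) resourceID() string {
	return fmt.Sprintf("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s",
		k.ProjectID, k.LocationID, k.KeyRingID, k.KeyID, k.KeyVersion)
}

func main() {
	// Constructed sample ID, not a real key.
	k, err := parseKeyVersionID("projects/example-project/locations/global/keyRings/flow/cryptoKeys/signer/cryptoKeyVersions/1")
	fmt.Println(k.resourceID(), err)
}
```

Rejecting an ID that stops at `cryptoKeys/...` keeps a signer bound to one explicit key version, so a key rotation cannot change which key signs without a configuration change.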

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a Google Cloud KMS implementation of crypto.Signer.

func (*Signer) Sign

func (s *Signer) Sign(message []byte) ([]byte, error)

Sign signs the given message using the KMS signing key for this signer.

Reference: https://cloud.google.com/kms/docs/create-validate-signatures
